Unable to disable TLS

R0N · July 19, 2021, 9:12am

Debug email shell

Email configuration

Host: xxxxxxxxxxxxxx
Port: 26
Username:
Password: *********
TLS: true
Sending email from: Passbolt passbolt@xxxxxxxxx
Sending email to: ron@xxxxxxxxxxxxx

Trace
[220] xxxxxxxxxxxxxxxxx ESMTP xxxxxxxxxxxxxxxx

EHLO localhost
[250] xxxxxxxxxxxxxxxxxxxx
[250] PIPELINING
[250] SIZE 10485760
[250] VRFY
[250] ETRN
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] SMTPUTF8
[250] CHUNKING
Could not send the test email.
Error: SMTP server did not accept the connection or trying to connect to non TLS SMTP server using TLS.
root@7938369eae56:/usr/share/php/passbolt# echo $EMAIL_TRANSPORT_DEFAULT_TLS
false
root@7938369eae56:/usr/share/php/passbolt#

For some reason using the CE Docker image I am unable to disable TLS
Running: [3.2.0] (latest) but noticed the same in the previous version.

garrett · July 19, 2021, 12:13pm

Try this EMAIL_TRANSPORT_DEFAULT_TLS seemingly ignored

Null instead of false.

R0N · July 19, 2021, 1:50pm

Tried that but did not change a thing

Open source password manager for teams

Debug email shell

Email configuration

Host:xxxxxxxxxxxxxxx
Port: 26
Username:
Password: *********
TLS: true
Sending email from: Passbolt passbolt@xxxxxxxxxxxx
Sending email to: ron@xxxxxxxxxxxxxx

Trace
[220] xxxxxxxxxxxxxxxxxxx ESMTP xxxxxxxxxx

EHLO localhost
[250] xxxxxxxxxxxxxxxxxx
[250] PIPELINING
[250] SIZE 10485760
[250] VRFY
[250] ETRN
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] SMTPUTF8
[250] CHUNKING
Could not send the test email.
Error: SMTP server did not accept the connection or trying to connect to non TLS SMTP server using TLS.
root@af4858aece8d:/usr/share/php/passbolt# echo $EMAIL_TRANSPORT_DEFAULT_TLS
null
root@af4858aece8d:/usr/share/php/passbolt#

garrett · July 19, 2021, 6:45pm

Where are you setting the environment variable? It seems your changes are not being respected.

R0N · July 20, 2021, 5:11am

Hi Garrett,

I set them in the docker-compose file, the container understands them as you can see in the last command. If I do an echo of the environment variable it is there but Passbolt does not use it for the email send function.

garrett · July 20, 2021, 6:49pm

You could try using the env files that are referenced in the stock docker-compose.yml file.

R0N · July 20, 2021, 7:15pm

I tried that too, same result. The container understands the variable, otherwise it would not show with the echo command. The passbolt config file is missing the variable somewhere I guess.

garrett · July 20, 2021, 7:17pm

If you look in the container’s /etc/passbolt you can find some of those config files that should use the variable.

R0N · July 21, 2021, 9:37am

I changed the config files but the result is the same, the send mail still shows the same error that it tries to send mail using TLS.

R0N · July 21, 2021, 12:34pm

If I disable TLS in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Mailer/Transport/SmtpTransport.php

It works by commenting out the part
try {
$this->_smtpSend(“EHLO {$host}”, ‘250’);
/* if ($config[‘tls’]) {
$this->_smtpSend(‘STARTTLS’, ‘220’);
$this->_socket()->enableCrypto(‘tls’);
$this->_smtpSend(“EHLO {$host}”, ‘250’);
}
*/ }

This value “$config[‘tls’]” is probably not functioning correctly.

garrett · July 22, 2021, 7:12pm

@R0N And it’s weird also because the default value is null, I believe. Did you try not including it at all?

R0N · July 22, 2021, 8:59pm

Yes, same result.
The default is ‘null’ but the “if ($config[‘tls’])” is always true and therefor it always sends the STARTTLS command.

garrett · July 23, 2021, 12:06am

@R0N It appears that cakephp uses ‘false’ for default value.

This user had to change to null in the old version to make it work.

I’m not clear why it does not work with the environment variable but it must be catching that the variable is set, rather than checking it’s true.

Do other variables in /env/passbolt.env work? If not, maybe docker-compose.yml should have ./env/passbolt.env instead of env/passbolt.env.

Instead of commenting out the cakephp source code, try changing the passbolt config file line of tls from:

'tls' => env('EMAIL_TRANSPORT_DEFAULT_TLS', null),

to:

'tls' => filter_var(env('EMAIL_TRANSPORT_DEFAULT_TLS', false), FILTER_VALIDATE_BOOLEAN),

and also remove this variable from the passbolt.env file, and see if that works.

R0N · July 23, 2021, 8:18am

I made the change and that seems to do the trick.
Now it works as expected.

garrett · July 23, 2021, 12:44pm

Thanks for the feedback, this helps. I will put in a PR to have this reviewed.

R0N · July 24, 2021, 7:22am

Thanks for your help, hope there is a fix in the next version

Unable to disable TLS

Debug email shell

Email configuration

Host: xxxxxxxxxxxxxx Port: 26 Username: Password: ********* TLS: true Sending email from: Passbolt passbolt@xxxxxxxxx Sending email to: ron@xxxxxxxxxxxxx

Open source password manager for teams

Debug email shell

Email configuration

Host:xxxxxxxxxxxxxxx Port: 26 Username: Password: ********* TLS: true Sending email from: Passbolt passbolt@xxxxxxxxxxxx Sending email to: ron@xxxxxxxxxxxxxx

Host: xxxxxxxxxxxxxx
Port: 26
Username:
Password: *********
TLS: true
Sending email from: Passbolt passbolt@xxxxxxxxx
Sending email to: ron@xxxxxxxxxxxxx

Host:xxxxxxxxxxxxxxx
Port: 26
Username:
Password: *********
TLS: true
Sending email from: Passbolt passbolt@xxxxxxxxxxxx
Sending email to: ron@xxxxxxxxxxxxxx